1. Field of the Invention
The present invention relates to storage area networks, and more particularly to encryption of data stored on storage units by elements contained in the storage area network.
2. Description of the Related Art
As computer network operations have expanded over the years, storage requirements have become very high. It is desirable to have a large number of users access common storage elements to minimize the cost of obtaining sufficient storage elements to hold the required data. However, this has been difficult to do because of the configuration of the particular storage devices. Originally storage devices were directly connected to the relevant host computer. Thus, it was required to provide enough storage connected to each host as would be needed by the particular applications running on that host. This would often result in a requirement of buying significantly more storage than immediately required based on potential growth plans for the particular host. However, if those plans did not go forward, significant amounts of storage connected to that particular host would go unused, therefore wasting the money utilized to purchase such attached storage. Additionally, it was very expensive, difficult and time consuming to transfer unused data storage to a computer in need of additional storage, so the money remained effectively wasted.
In an attempt to solve this problem storage area networks (SANs) were developed. In a SAN the storage devices are not locally attached to the particular hosts but are connected to a host or series of hosts through a switched fabric, where each particular host can access each particular storage device. In this manner multiple hosts could share particular storage devices so that storage space could be more readily allocated between the particular applications on the hosts.
One aspect of this switched fabric is a series of point to point links between the switches in the network. In many cases these links are secure, but in some cases portions of the links may not be completely secure. There are various efforts to provide security to the links, such as disclosed in U.S. patent application Ser. No. 10/062,125, entitled “Network Security and Applications to the Fabric Environment” by James Kleinsteiber, Richard Hammons, Dilip Gunawardena, Hung Nguyen, Shankar Balasubramanian, and Vidya Renanarayanan filed Jan. 31, 2002, which is hereby incorporated by reference. But further security efforts to further secure the links may be desirable.
Alternatively, some links may be slower than other links in the network in certain cases. It may not be feasible to upgrade the speed of those links for numerous reasons. But it would still be desirable to increase the overall performance of those slower links to improve network performance.
In certain cases, a combination of both of the above concerns can be present in a given network. It would be desirable to handle both concerns in a single switch or provide the flexibility to handle either or both concerns in a single switch.
Even if the links are sufficiently secure, in some cases it may be desirable to encrypt the data being stored in the storage devices. While this may be done using specialized systems, either hardware, software or a combination, in the relevant host or storage device, this would require purchasing those specialized systems, which could increase cost and would reduce flexibility of the network. Therefore, it would be desirable to provide the encryption ability without requiring the host or storage device to be changed.